Site Reliability Engineering Security & AAA Engineer

  • Company:
    ANZ New Zealand
  • Location:
  • Salary:
    negotiable / month
  • Job type:
  • Posted:
    3 weeks ago
  • Category:
  • Join one of NZ’s largest technology shops; offering huge scope for opportunity
  • Plenty of flexible working options; flexi-place, flexi-time, additional leave
  • An opportunity to elevate your career and step into the dynamic world of ANZ’s Payments Site Reliability Engineering Squad.
  • About the role

    A senior security architecture and engineering role, working at all layers of the stack to ensure a unified Security and IAM narrative for the Payments domain. Successful applicants will be expected to be able to actively participate in software, hardware and infrastructure engineering efforts to deliver real-time solutions for compliance assurance, risk assessment, information handling, anomaly detection and response capabilities on behalf of the ANZ Payments tribe.

    The role will be challenging from an engineering, architectural and security domain specialism standpoint; hence a healthy approach to growth and challenge is essential. The role is integrated in alignment with engineering disciplines to be an integral part of the Service and Enablement teams as an enabler to accelerating risk reduction and delivery. The ability to extract value and identify latent capabilities in new or existing engineering solutions is essential. In addition a focus on Cloud services and security would be advantageous in this role.

    Key to the success of the role is the demonstrative continuous improvement of ANZ Payments risk posture as we accelerate the transformation our operating environments.

    Role Location:  Wellington

    Role Type:  Permanent

    Key Duties

  • Develop and execute information security plans and policies.
  • Track and manage risks and drive improvements to security risk posture.
  • Develop and deliver of real-time assurance, controls coverage and measure effectiveness of management and monitoring tools.
  • Develop strategies/playbooks to respond to and recover from a security breach.
  • Develop or implement open-source/third-party tools to assist in detection, prevention and analysis of security threats.
  • Provide awareness training of the workforce on information security standards, policies and best practices.
  • Promote the use of firewalls or segmentation, data encryption and other security products and procedures.
  • Work with CyberSecOps to review periodic network scans to find any vulnerabilities.
  • Manage the execution of penetration testing, simulating an attack on the system to find exploitable weaknesses from external parties and disgruntled users.
  • Monitor networks and systems for security breaches, through the use of software that detects intrusions and anomalous system behaviour.
  • Investigate security breaches.
  • Lead incident response, including steps to minimize the impact and then conducting a technical and forensic investigation into how the breach happened and the extent of the damage.
  • Skills and competencies

  • Expertise in anti-virus/malware software, intrusion detection/prevention, firewalls/sandboxing and content filtering.
  • A well rounded knowledge on GCP, AWS and Azure security
  • Expertise in APT detection and lateral access detection
  • Knowledge of risk assessment tools, technologies and methods.
  • Knowledge of secure networks design, systems and application architecture including at a cloud level
  • Knowledge of Disaster Recovery, computer forensic tools, technologies and methods.
  • Planning, researching and developing security policies, standards and procedures.
  • Understanding industry trends and advancements
  • System administration, supporting multiple platforms and applications.
  • Expertise with code, malicious code and secure software engineering practices.
  • The IT security engineer should also have experience with and knowledge of:

  • Endpoint security solutions, including file integrity monitoring.
  • Automating security testing tools.
  • Puppet/Kubernetes, Git/Bitbucket to track anomalous changes to code, config and files.
  • Experience with FSI regulatory frameworks (APRA, RBNZ, RBA,MAS).
  • It is desirable that candidates have one or more of the following qualifications and/or certifications:

  • Industry experience in an information security function.
  • Certified Information Systems Security Professional (CISSP).
  • Certified Cloud Security Certification (CCSP)
  • CISM – Certified Information Security Manager (CISM).
  • ISSEP – Information Systems Security Engineering Professional (ISSEP).
  • The IT security engineer is also expected to know compliance standards such as ISO-27000.

    About ANZ

    Our purpose is to shape a world where people and communities thrive. That’s why we strive to create a balanced, sustainable economy in which everyone can take part and build a better life. By helping people make the most of what they have, we transform ideas, hard work and ambition into reality.

    ANZ recognises the value of an inclusive and diverse work environment. We take pride in the diversity of our people and encourage applications from diverse candidates. Our recruitment decisions are based on the key inherent needs and requirements of each role, and candidates are selected based on their unique strengths and characteristics.

    The ANZ values are the foundation of how we work and support our customers.

    Integrity – We are honest and fair

    Collaboration – We work together for the customer

    Accountability – We take ownership and get things done

    Respect – We care for all those we serve

    Excellence – We challenge ourselves to be better

    We work flexibly at ANZ. Talk to us about how this role could be flexible for you.

    ANZ recognises the importance of flexible working, watch our Global Stories to see how ANZ aims to meet the needs of our customers and to attract and retain the best people in a changing world